In this post we will set up an HTTPS ingress with VMware PKS and go through some troubleshooting steps.
This guide will show you how to integrate vRA with PKS.
PKS 1.1.5 was recently released and has a number of important bug fixes and improvements. These include:
- Support for NSX-T 2.2
- NCP 2.2.1
- TLS support for Kubernetes Ingress
- NCP is no longer a Kubernetes Pod and is now a Linux process running on the master nodes
- NCP no longer creates duplicate virtual servers when restarted, which would happen when a master VM was restarted. This was problematic since the LB could only support 10 virtual servers. Once this limit was reached you would no longer be able to create Kubernetes load balanced services or ingresses.
- All virtual servers are now removed when deleting multi-port Kubernetes services. Previously virtual servers would be left behind, which again would cause the LB to hit the maximum of 10 virtual servers.
- Running the pks delete-cluster command will now clean up NSX-T related resources even if the cluster is in a bad state. Previously this required running the PKS NSX-T cleanup script.
See the release notes for more information.
Recovering from some of these issues required running multiple API calls and was kind of a pain. I’ve been putting the 1.1.5 release through its paces in multiple lab environments and it’s resolved all of the issues that I was running into.
This walkthrough will show how to upgrade from PKS 1.1.x to 1.1.5.
As of version 1.1.4, PKS uses version 2.0 of the NCP pod. This pod is responsible for managing resources in NSX-T, which includes creating routers and switches, allocating IPs, etc. Unfortunately, in version 2.0 of the NCP pod there is an issue where each time the pod is restarted, it will create duplicate virtual servers in NSX-T. This is especially problematic because PKS uses a small load balancer which can only have 10 virtual servers. Let’s see this in action.
First I’m going to explain the issue, but if you’d like to go directly to the fix, see the section Preventing the duplicate virtual servers below.
I’m going to show how to create a Jenkins pipeline to deploy an application to Pivotal Container Service (PKS). You can also check out Route to Cloud’s article on how to use Jenkins X and PKS. In order to keep the length down, I’m going to cut some corners, such as installing most things on the Jenkins master and not using any slaves, so please don’t consider this production grade.
There will eventually be a KB for this, but in the meantime I wanted to show how you can clean up PKS-created NSX-T resources in NSX-T manager. You may need to do this when a PKS cluster fails to create or delete properly, and doing it manually is tedious and error-prone.
Please make sure you have valid backups of the NSX-T manager before proceeding.
- curl -LO https://storage.googleapis.com/pks-releases/pks_cleanup_linux
- chmod +x pks_cleanup_linux
- sudo mv pks_cleanup_linux /usr/local/bin/pks_cleanup
I’m going to show how to use Kubernetes Storage Classes in Pivotal Container Service (PKS) and discuss some limitations you may run into. You can check out more info on vSphere Storage classes at Dynamic Provisioning and StorageClass API.